From: tb Date: Wed, 8 Sep 2021 14:33:02 +0000 (+0000) Subject: Fix leak in cms_RecipientInfo_kekri_decrypt() X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=3cd888acd571765f2f8c29ab7d8deda4b929eb51;p=openbsd Fix leak in cms_RecipientInfo_kekri_decrypt() Free ec->key before reassigning it. From OpenSSL 1.1.1, 58e1e397 ok inoguchi --- diff --git a/lib/libcrypto/cms/cms_env.c b/lib/libcrypto/cms/cms_env.c index 74d957eee08..a88ea636620 100644 --- a/lib/libcrypto/cms/cms_env.c +++ b/lib/libcrypto/cms/cms_env.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cms_env.c,v 1.23 2019/10/04 18:03:56 tb Exp $ */ +/* $OpenBSD: cms_env.c,v 1.24 2021/09/08 14:33:02 tb Exp $ */ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. @@ -792,6 +792,7 @@ cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri) goto err; } + freezero(ec->key, ec->keylen); ec->key = ukey; ec->keylen = ukeylen;
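Review bot: in the second hunk (cms_RecipientInfo_kekri_decrypt(), at the added `freezero(ec->key, ec->keylen);`), the size passed to freezero() is only right if ec->key and ec->keylen are always updated as a pair, the way the two lines after it do. Please confirm that every other assignment to ec->key in cms_env.c also sets ec->keylen, since a stale length would either leave part of the old key unwiped or clear past the end of the allocation. freezero() does nothing when given NULL, so the case where no key has been set yet is fine. The commit message does not say under which circumstances ec->key is already populated when this point is reached; a one-line comment above the call naming that case would help the next reader. Wiping with freezero() rather than a plain free() is the right choice for key material.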